However, despite various regulations and guidelines by RBI, the banks in India have not only failed to secure their online systems but they have also failed to secure the ATMs installed at their premises. As a result ATM frauds in India have significantly increased. Similarly, the mobile payment cyber security in India is also not in a proper state.
The Vskimmer Trojan capable of stealing credit card information from Windows systems is already in circulation. Similarly, the Malware Dump Memory Grabber is also targeting POS systems and ATMs of major U.S. banks. These malware are creating havoc in India and international levels.
Recently, the RAKBANK and Bank of Muscat Oman became victims of international ATM heist. The Computer Emergency Response Team (CERT) of India has even started investigation in this international ATM heist case as it has Indian connections as well.
The Financial Express has reported that a malware is active in the Indian online banking transactions space. The malware named “Dexter, black POS, memory dump and grabber” can acquire seven aliases when infecting a system and once it is successful in breaching the security protocols of a POS terminal, it steals confidential data like card holder’s name, account number, expiration date, CVV code and other discretionary information which could lead to financially compromising and phishing attacks on the card at a later stage.
This has been declared in a recent advisory issued to the public by the Computer Emergency Response Team (CERT-India). However, the advisory has been issued at a very late stage as the malware has been active in the cyberspace since March, 2013.
The banks in India are bound to follow cyber law due diligence to escape their liability under the information technology act, 2000. Further, the Code Of Bank’s Commitment to Customers by Banking Codes and Standards Board of India (BCSBI)(Pdf) that has been recently released by BCSBI has put additional legal obligations upon banks for fraudulent ATM and POS transactions.